<?php
/**
 * SHOP 控制台首页
 * ============================================================================
 * 网络科技有限公司，并保留所有权利。
*/
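define('IN_ZYS', true);
require(dirname(__FILE__) . '/includes/init.php');

/*
 * Admin authentication actions: login, logout, uppassword (change the current
 * admin's password) and yzm (captcha). Everything below depends on globals and
 * helpers provided by includes/init.php: $db, $smarty, $sess, ly(),
 * set_admin_session(), ecs_header() and yzm().
 *
 * The $db wrapper used here offers no parameter binding, so every request-derived
 * value that reaches a query is escaped with addslashes() (or cast to int) first;
 * NOTE(review): if the wrapper exposes a driver-level escape/bind facility, prefer it.
 */

// Read the requested action once (avoids an undefined-index notice on a bare request).
$act = isset($_REQUEST['act']) ? (string) $_REQUEST['act'] : '';

if ($act === 'login') {
    //用户登录
    if ($_POST) {
        $username = isset($_POST['username']) ? trim($_POST['username']) : '';
        $password = isset($_POST['password']) ? trim($_POST['password']) : '';
        $yzm      = isset($_POST['verify']) ? strtoupper($_POST['verify']) : '';

        // Captcha check. The stored code is consumed whether or not it matches, so one
        // code cannot be replayed across attempts, and a missing session code is a
        // failure (the previous loose `!=` let an empty submission match a null code).
        $expected = isset($_SESSION['validationcode']) ? (string) $_SESSION['validationcode'] : null;
        unset($_SESSION['validationcode']);
        if ($expected === null || $yzm === '' || $yzm !== $expected) {
            echo "<script>alert('验证码错误！');history.go(-1);</script>";
            exit;
        }

        $username_sql = addslashes($username);
        $sql     = "SELECT `ec_salt` FROM " . ly() . "admin_user WHERE user_name = '{$username_sql}'";
        $ec_salt = $db->getOne($sql);

        // Legacy hash scheme kept unchanged: md5(md5(pw) . salt) for salted rows,
        // plain md5(pw) for rows without a salt. Both digests are hex, safe to interpolate.
        $hash = !empty($ec_salt) ? md5(md5($password) . $ec_salt) : md5($password);

        /* 检查密码是否正确 */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, suppliers_id, ec_salt, passport_uid"
             . " FROM " . ly() . "admin_user"
             . " WHERE user_name = '{$username_sql}' AND password = '" . $hash . "'";
        $row = $db->getRow($sql);
        if ($row) {
            // NOTE(review): the session id is not rotated after login; if $sess can
            // regenerate it, do so here or inside set_admin_session().
            set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);
            $_SESSION['suppliers_id'] = $row['suppliers_id'];
            ecs_header("Location: ./index.php\n");
            exit;
        }
        echo "<script>alert('用户名或密码错误！');history.go(-1);</script>";
        exit;
    }
    $smarty->display("login.html");
    exit;
} elseif ($act === 'logout') {
    //-- 退出登录
    /* 清除session--cookie */
    setcookie('ECSCP[admin_id]',   '', 1);
    setcookie('ECSCP[admin_pass]', '', 1);
    $sess->destroy_session();
    $url = $GLOBALS['zys']->url() . "admin/privilege.php?act=login";
    echo "<script>window.location.href='$url'</script>";
} elseif ($act === 'uppassword') {
    if ($_POST) {
        $oldpassword  = isset($_POST['oldpassword']) ? trim($_POST['oldpassword']) : '';
        $newpassword1 = isset($_POST['newpassword1']) ? trim($_POST['newpassword1']) : '';
        $newpassword2 = isset($_POST['newpassword2']) ? trim($_POST['newpassword2']) : '';
        // NOTE(review): init.php is assumed to have already rejected unauthenticated
        // requests; the int cast keeps a non-numeric session value out of the SQL.
        $admin_id = isset($_SESSION['admin_id']) ? intval($_SESSION['admin_id']) : 0;

        if ($oldpassword === '') {
            echo "<script>alert('旧密码不能为空')</script>";
        } elseif ($newpassword1 === '') {
            echo "<script>alert('新密码不能为空')</script>";
        } elseif ($newpassword2 === '') {
            echo "<script>alert('请重复输入密码')</script>";
        } elseif ($newpassword1 !== $newpassword2) {
            echo "<script>alert('两次输入密码不一致')</script>";
        } else {
            $sql1    = "select ec_salt,password from " . ly() . "admin_user where user_id = '{$admin_id}'";
            $row     = $db->getRow($sql1);
            $ec_salt = isset($row['ec_salt']) ? $row['ec_salt'] : '';
            $stored  = isset($row['password']) ? (string) $row['password'] : '';

            // Same two hash forms as the login branch, so accounts without a salt can
            // change their password too (previously they fell through silently).
            $old_hash = !empty($ec_salt) ? md5(md5($oldpassword) . $ec_salt) : md5($oldpassword);

            // Strict comparison: `==` on two hex digests compares "0e..." strings as numbers.
            if ($row && $old_hash === $stored) {
                $new_hash = !empty($ec_salt) ? md5(md5($newpassword1) . $ec_salt) : md5($newpassword1);
                $sql = "update " . ly() . "admin_user set password = '{$new_hash}' where user_id = '{$admin_id}'";
                // The old test read the bare constant mysql_affected_rows (always truthy,
                // an Error on PHP 8). NOTE(review): assumes $db->query() returns a falsy
                // value on failure — confirm against the wrapper.
                if ($db->query($sql)) {
                    $sess->destroy_session();
                    echo "<script>alert('修改成功，请重新登录')</script>";
                    echo "<script>window.location.href='index.php'</script>";
                    exit;
                }
                echo "<script>alert('修改失败')</script>";
            } else {
                echo "<script>alert('原始密码错误')</script>";
            }
        }
    }

    $smarty->display("uppassword.html");
} elseif ($act === 'yzm') {
    echo yzm();
}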
